Some types of electronic communications are time-sensitive or transaction-sensitive. For example, a bank may receive a transfer of funds request from a depositor. In another case, a broker may receive a buy or sell order from an online trader. Sensitive and valued communications are not limited to pending financial transactions. As another example, consider a broker that may send time-sensitive investment advice to a trader.
One unique aspect about time or transaction-sensitive communications is that they typically track, log, and employ a variety of security measures. Thus, two parties that engage in such types of communications may use encryption, may use a secure communication channel, may enlist the services of a third party, and may require acknowledgments during the communications.
Yet, in any communication there is a chance for repudiation by one of the parties. That is, one of the parties may assert that it did not receive information to complete the communication, that it received information in an untimely fashion, or that it received the incorrect information necessary to complete the communication. In some cases the repudiation may be legitimate, and in other cases the repudiation may simply be the result of a receiver that does not want to complete a transaction associated with the communication.
To account for these potential problems many techniques require acknowledgements using signatures for purposes of assuring that the proper information, which was sent, is being acknowledged by a receiving party. This technique facilitates what is known as receiver non-repudiation.
However, even the most elaborate software technique may still encounter problems that are not capable of being handled with a purely software-based solution. For instance, consider a hostile environment where some intruder places him/her self in the middle of a communication between a sender and a receiver. The intruder may be purposefully modifying the last packet sent, which makes the receiver unable to extract and utilize the last packet. Also suppose that the last packet is a decryption key without which the receiver cannot complete the communication with the sender.
The intruder may continue to do this until the value of the information, which may be time sensitive, is useless or becomes expired and then the intruder may disappear undetected. A software-based solution cannot properly account for this situation. Most existing software protocols assume that the receiver had received the last packet and it will be generally assumed that it is the receiver that is the culprit attempting to surreptitiously repudiate the transaction with the sender.
A software-based solution may not be capable of solving this man-in-the-middle problem. The last packet is central to the transaction and its delivery to the receiver cannot be guaranteed. This is especially the case in an environment where there is more than zero number of network hops between the receiver and the sender or third party providing the last packet.
Another problem that may not be generally detectable by a software-based solution is when a genuine power failure, system crash, communication line failure, or other situations occur on the receiver's end of the transaction. It can also be the case that the recovery for the problem is not established until after the information associated with the transaction becomes expired or useless. In these cases and perhaps pursuant to prior agreements between the sender and receiver, the receiver may be charged for the transaction or forced to complete it at the receiver's expense, since the problem occurred on the receiver's end.
Furthermore, if the sender and receiver elect to not use a third party to facilitate the transaction, then it may be even more difficult to establish a non-repudiation of the receiver when problems occur. In fact, if the value of the message associated with the transaction is high and it is also time sensitive in nature, then without more robust techniques beyond a purely software-based solution there is also a chance that the receiver may suffer a potentially substantial loss.
Therefore, improved techniques that augment existing software techniques are desirable for purposes of ensuring non-repudiation of a receiver in a time or transaction-sensitive network communication.